IT Security Professional I Please see Special Instructions for more details. East Carolina University requires applicants to submit a candidate profile online in order to be considered for the position. In addition to submitting a candidate profile online, please submit online the required applicant documents: Curriculum Vitae Letter of Interest List of Three References (noting contact information) Posting Details

Position Information

Job TitleIT Security Professional IPosition Number 500159Vacancy Open to All Candidates Department HSH Office of Institution IntegrityDepartment Homepage https://institutional-integrity.ecu.edu/Advertising Department OFFICE OF INSTITUTIONAL INTEGRITYDivision Health SciencesClassification Title Technology SpecialistWorking Title IT Security Professional INumber of Vacancies 1Full Time Equivalent (FTE) 1.0Full Time or Part Time Full TimeRecruitment RangeCommensurate with QualificationsPosition Location (City) GreenvillePosition TypeNon-FacultyJob Category Non-Faculty Instructional & ResearchOrganizational Unit Overview

The HIPAA Security section within the Office of Institutional Integrity manages the University’s HIPAA securitycompliance program.

It ensures University compliance with federal and state HIPAA security regulations and standards, internal and state HIPAA audits, policy development and enforcement, user awareness and education, incident response and recovery, and user account security for HIPAA systems. The mission of HIPAA Security is to establish a strong compliance program and a secure environment that safeguards the University’s electronic protected health information (ePHI).

Job Duties

The HIPAA Security Specialist helps develop, implement, and manage University-wide HIPAA Security projects to include: developing project specifications, writing requests for proposals, determining and allocating internal and external resources, managing external vendors, and meeting timeline expectations.

This employee is responsible for HIPAA security and compliance initiatives and collaborates among divisions within the University to ensure information systems are implemented in accordance with a) the mission of the University, b) HIPAA security standards c) University Policies and d) Federal and State laws and regulations.

Provide oversight, guidance, training, and detailed support to HIPAA Systems
Administrators and other employees for HIPAA system security implementation, maintenance, risk assessments, and support; develop and provision HIPAA security awareness training and programs across the University; document and track University HIPAA systems; examine the appropriateness and adequacy of current security awareness program and modify to meet HIPAA security needs for the University.

Collaborate with ITCS to help ensure workforce members receive communications regarding compliant solutions and security controls to ensure all controls are implemented prior to approving the use of appropriate information security applications, storage devices, and internal or hosted systems.

Coordinate and organize additional education, meetings, and sessions to assist workforce members with HIPAA security compliance issues.

Research the latest technology advances related to HIPAA security, provide support and a strong relationship with the Office of Research Integrity and Compliance, Internal Auditing and Management Advisory Services, ECU Legal Affairs, other University departments and leadership, and external parties on HIPAA security compliance requirements.

This employee will collaborate with multiple University personnel, including a very strong relationship with ECU ITCS to ensure federal HIPAA regulations and university policies are being met at the University.

Assist the HIPAA Security Officer with initiatives to ensure compliance across the University. Provide resource level support to the University in HIPAA security compliance for adherence to administrative, technical and physical security requirements; research HIPAA regulation and security industry security standards (ISO 27002, NIST, NIH) for HIPAA compliance; review technical, physical and administrative controls for existing, updated and new HIPAA systems and applications for HIPAA Security compliance; conduct business analyses to ensure the business and technical requirements for HIPAA systems have been addressed and integrated into design and function of systems and applications; perform technical and functional application security review for HIPAA systems that store, access or process protected health information (PHI) to determine the existing application security controls and if they meet required controls; conduct information security gap analyses to determine gap between required security controls as specified by HIPAA security regulation, security industry standards, existing security controls, and federal/state laws. Research, create, develop and enforce security policies, practices, standards and procedures that ensure the protection of University information and HIPAA systems as specified by ISO 27002 Information Security Standard, NIST standard, and other state and federal statutes; provide ITCS and distributed IT resources guidance in interpreting HIPAA security compliance requirements and performing application and system HIPAA security assessments.

Serve as the ECU HIPAA Security Specialist and assist in managing the daily HIPAA security activities as well as assist in managing all HIPAA security responsibilities under the guidance of the ECU HIPAA Security Officer. Advise IT and management across the University on HIPAA privacy and security compliance initiatives and practices. Manage and implement University-wide information projects inclusive of developing project specifications, determining and allocating internal and external resources and meeting timeline expectations.

Produce various reports as needed in order to fulfill research of compliance standards. Provide guidance and communication related to HIPAA to IT Security staff as appropriate. Assist in University information security incident response and reporting as required, and participate in HIPAA security incident responses as required.

Assist in research, investigate sensitive data issues for lost or stolen devices. Analyze and report on high risk information security, privacy, and compliance issues to workforce members.

Respond to HIPAA security issues; investigate HIPAA security violations and issue corrective actions for compliance as required by University Incident Response protocols; assist in coordinating responses to state and internal audits; meet with campus departments and consult on HIPAA security and compliance issues; and respond to requests from external agencies.

Assist in and or chair various University committees to represent and provide guidance regarding HIPAA Security compliance standards.

Serve on University and UNC systems information security committees. Report to external regulatory bodies as appropriate. Develop and maintain University HIPAA Security policies, standards and procedures to meet requirements as specified by HIPAA regulation; assist in Office’s website developing and maintaining efforts.

Other duties as assigned.

Minimum Education/Experience

Masters degree in a information technology field or health information technology
or
Bachelors degree in a information technology or health information technology field and two yrs experience.

License or Certification Required by Statute or Regulation

N/A

Preferred Experience, Skills, Training/Education

An understanding of IT service functions such as technical security, application development, server administration, database administration, and user account administration.
A working knowledge of HIPAA Security and Privacy Rule requirements and IT security principles and technical solutions for implementing those requirements.
An ability to read and understand key regulatory requirements and apply them to information security, privacy, and compliance requirements.
Ability to interpret various hardware, software, procedural, and policy manuals and other technical and complex documentation.
A working knowledge of disaster recovery preparedness and its dependence on business continuity planning and requirements.
A solid understanding of physical security practices for buildings and work spaces where employees and others handle sensitive and valuable information

Special Instructions to Applicant

East Carolina University requires applicants to submit a candidate profile online in order to be considered for the position. In addition to submitting a candidate profile online, please submit online the required applicant documents:

Curriculum Vitae
Letter of Interest
List of Three References (noting contact information)

Additional Instructions to Applicant

In order to be considered for this position, applicants must complete a candidate profile online via the PeopleAdmin system and submit any requested documents. Additionally, applicants that possess the preferred education and experience must also possess the minimum education/experience, if applicable.

Job Open Date 07/01/2019Open Until FilledYesJob Close Date - Positions will be posted until 11:59 p.m. EST on this date. If no closing date is indicated, the position may close at any time after the initial screening date.Initial Screening Begins 07/15/2019Rank LevelQuick Link for Direct Access to Posting http://ecu.peopleadmin.com/postings/29801AA/EOE

East Carolina University is an equal opportunity and affirmative action employer and seeks to create an environment that fosters the recruitment and retention of a more diverse student body, faculty, staff and administration. We encourage qualified applicants from women, minorities, veterans, individuals with a disability, and historically underrepresented groups. All qualified applicants will receive consideration for employment without regard to their race/ethnicity, color, genetic information, national origin, religion, sex, sexual orientation, gender identity, age, disability, political affiliation, or veteran status.

Individuals requesting accommodation under the Americans with Disabilities Act Amendments Act (ADAAA) should contact the Department for Disability Support Services at (252) 737-1016 (Voice/TTY).

Eligibility for Employment

Final candidates are subject to criminal & sex offender background checks. Some vacancies also require credit or motor vehicle checks. ECU participates in E-Verify. Federal law requires all employers to verify the identity and employment eligibility of all persons hired to work in the United States.

Office of Human Resources Contact Information

If you experience any problems accessing the system or have questions about the application process, please contact the Office of Human Resources at (252) 328-9847 or toll free at 1-866-489-1740 or send an email to employment@ecu.edu. Our office is available to provide assistance Monday-Friday from 8:00-5:00 EST.

Supplemental Questions

Required fields are indicated with an asterisk (*).

1. * Please indicate where you learned about this job vacancy.
   • Workplace Diversity
   • Diversity.com
   • LinkedIn
   • Greenville Daily Reflector
   • Raleigh News & Observer
   • Chronicle of Higher Education
   • InsightIntoDiversity.com
   • Journal of Blacks in Higher Ed
   • Hispanic Outlook
   • Women in Higher Ed
   • HigherEdJobs.com
   • InsideHigherEd.com
   • Yahoo HotJobs.com
   • Monster.com
   • ECU Website
   • Other

Documents Needed To ApplyRequired Documents

1. Curriculum Vitae/Resume
2. Cover Letter
3. List of References

Optional Documents